There's a common but potentially devastating cyber security misconception among small businesses. This is the "small fish in a big pond" argument: a small business is just one target out of millions of businesses, so it supposedly benefits from safety in numbers, especially when there are much bigger and more tempting businesses for hackers to target.
However, this argument doesn't hold up because small businesses don't have the security resources of large businesses. This makes them much easier and more attractive to hack. Hackers also use software to locate targets according to varying criteria, many of which have to do with security vulnerabilities. If a target looks promising, hacking attempts will be made, regardless of business size. And it only takes a few months, at the most, for the software used by hackers to find a website. The huge numbers of hackers and their sophisticated technology mean there's no safety in numbers.
Another fact to consider is that at least one type of hacking, called brute force, is easy to do and requires little more than an ability to follow instructions. You need only download a free network cracking tool such as Hydra and some quality word lists, and you're set to go. Brute force hacking is considered a script kiddie method. This low barrier to entry is a big reason for the proliferation of hackers.
When you successfully hack a business site and obtain data, converting it into cash is also convenient because of the many data black markets where you can find others who will buy what you have. Many data black markets operate in a similar way to eBay.
How Brute Force Hacking Works
Brute force software essentially tries to guess passwords at a login page by using all possible combinations of characters until one combination works. This can take a very long time for lengthy passwords and isn't practical. However, for short passwords of a few characters it's very feasible. The advantage of this method is that, with sufficient guessing, it always works.
However, many hackers only use this method as a last resort after word list or dictionary attacks have failed. A word list (or dictionary) attack tries commonly used passwords (such as 1234, qwerty, etc.) as well as common words and names people place in their passwords. This modified brute force method cracks passwords quickly, provided they are common or are built up from words. Commonly used number prefixes and suffixes may also be appended to word-based guesses, since people often do this when making up a password, such as 123mypassword.
Protecting Your Business From Brute Force Hacking Methods
What the above clearly shows is that long, random passwords are effectively unhackable by these methods because they would take too long to break. Extremely long passwords might require hundreds of years. In addition, your login page should lock out users for a few hours after a certain number of failed login attempts.
An easy way to generate long memorable passwords is to use the first letter of each word of a long sentence. Choose a sentence that only has meaning to you. Include numbers in your sentence such as "2 people 8 3 slices of bread," where 8 means "ate". Special characters can be used as word substitutes (@ means "at," # means "number," etc.). Your password should be at least 12 to 14 characters long, but longer if possible. If you have any comments or questions, don't hesitate to contact us.